Singapore is making a bold move to protect itself from cyberattacks by cutting off internet access for civil servants while at work. It’s a strange tactic for the country, which has made a name for itself by embracing technology and smart city initiatives unlike anywhere.

But clearly the single layer of government in the city-state has fears over how well it can sustain a cyberattack. In a radical plan that has been criticised heavily, the government is cutting off internet access – air-gapping – public servants’ computers at work to reduce the risk of hacks and data breaches.

Security experts have stated that while concerns are valid, cutting off access for civil servants will have detrimental effects on the nation’s day-to-day operations and communications, especially when it comes to communicating between departments and telecommuting employees.

It remains to be seen what kind of immediate effect the cut-off will have on employee productivity. The government said it was “exploring innovative work solutions to ensure work processes remain efficient” but day-to-day operations in the office is likely to take a hit as staff adjusts to the new system.

Security is very real threat

Singapore’s fears over cyberattacks stem from very real examples. In an August report from FireEye’s Mandiant, it showed that Asian companies have some of the poorest defences against cyber threats and they were 80% more likely to be attacked compared with other regions. “They’re not doing enough,” said Grady Summers, FireEye’s CTO. As part of its investigation, Mandiant hacked into the network of an Asian company, which had volunteered and consented, to test its defences.

This isn’t the first time that FireEye had found gaping security holes in the region’s businesses. In December it collaborated on a report with Singaporean telco Singtel that found that 29% of surveyed companies in Southeast Asia were targeted for attacks in a six-month period.

The report stated that industries like media and hospitality were the top targets with government down the list but still a prime target.

The Cyber Security Agency of Singapore is overseeing the security and protection of government networks. David Koh, its new CEO, is leading this decision to air-gap staff computers and described the vast attack surface of government staffers’ networks as “like a building with a zillion windows, doors, fire escapes” that cannot be secured.

Bring Your Own Device

Public servants are not being totally cut from the internet though. They’ll still be able to access the web through their own personal devices. Bring Your Own Device (BYOD) is a growing trend in the workplace for both office works and on-the-go staff but BYOD raises a whole host of other security concerns. Not to mention privacy concerns for the employees themselves.

“Allowing BYOD devices to connect to the government’s network while restricting internet access from work computers is a bit counter-intuitive, as employees will still be able to download potentially harmful content using the same network,” says Bogdan Botezatu, a senior e-threat analyst at Romanian cybersecurity firm Bitdefender.

He advises the Singaporean government, and any organisation for that matter, that there are a couple of must-have protocols for BYOD. This includes clearly segregating the networks and putting an access policy in place that dictates what company data can be accessed via a personal device.

Government agencies and departments have had to contend with the ever-present threat of cyber-attacks in different ways and it’s led to some pretty extreme measures. Singapore’s move is unprecedented. Governments and businesses may restrict internet access or snoop on traffic on their networks to make sure people are sticking to their work but cutting off internet access to prevent attack is different.

Russia has become increasingly controlling over the internet, erecting a sort of barrier that’s becoming more and more like that of China. It’s also passed a law that requires companies to store all data for six months. Russia describes the measures as necessary to tackle terrorism but gives the country an incredible amount of control over the web. Iran, with its reputation for censorship, has gone one step further by creating its own domestic intranet that, much like the aspirations of Russia, gives it much more control.

Of course, Singapore’s decision to air-gap government staff computers is certainly not as extreme as, or comparable to Russia and Iran, but shows that organisations big and small are struggling to find ways to mitigate attacks in a comprehensive way. No one has a good answer yet.